Feature: Externally Managed Authentication #1663

Open
1 task done
aRustyDev opened this issue May 15, 2024 · 0 comments

Description

I'm in the process of trying to convince my organization to begin adopting Memphis.
But some of the features still seem to be in development; one of the major missing items is a lack of authentication options.

One of the biggest feature gaps that I can currently see is a lack of external credential management options. Is there a plan to add additional authentication options? Some starting points might include...

OIDC / OAuth2

Having the ability to manage credentials and authentication outside of Memphis would allow customers to more easily adopt and administer access to their Memphis deployment. It would also offload the responsibility of credential management from Memphis itself for production use cases.

If we went with this, then it would allow easy pluggability for third-party identity providers (GitHub, Google, Okta, etc.).
This method could also allow externally managed authorization, by taking advantage of OIDC scopes.

API Configuration of credentials

Alternatively, or in addition to OAuth2/OIDC, adding an API configuration option for credentials would allow organizations to implement credential "leasing" via something like HashiCorp Vault, which would enable protecting the Memphis root credential & enforcing strong passwords by abstracting them from users and creating time-limited password+user credentials w/o putting additional configuration load on Memphis.

This should include the ability to create users/groups, roll passwords, and add/remove users from groups. If we are targeting enabling Vault in particular, I believe it would need to be a REST-based API.

If this is something that would be appreciated, I'd love to help contribute.
Although I'd very likely need some help from project maintainers on the preferred patterns/syntax for the project.

Additional context

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@aRustyDev added the "Feature Request" (New feature or request) and "💟 Community involvement" (A feature that the community is involved with) labels May 15, 2024